This is a custom instance of the MITRE ATT&CK Website. The official website can be found at attack.mitre.org.
SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
pngdowner
pngdowner is malware used by Putter Panda. It is a simple tool with limited functionality and no persistence mechanism, suggesting it is used only as a simple "download-and-execute" utility. [1]
ID: S0067
ⓘ
Type: MALWARE
ⓘ
Platforms: Windows
Version: 1.1
Created: 31 May 2017
Last Modified: 30 March 2020
Techniques Used
| Domain | ID | Name | Use | |
|---|---|---|---|---|
| Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | |
| Enterprise | T1070 | .004 | Indicator Removal on Host: File Deletion |
pngdowner deletes content from C2 communications that was saved to the user's temporary directory.[1] |
| Enterprise | T1552 | .001 | Unsecured Credentials: Credentials In Files |
If an initial connectivity check fails, pngdowner attempts to extract proxy details and credentials from Windows Protected Storage and from the IE Credentials Store. This allows the adversary to use the proxy credentials for subsequent requests if they enable outbound HTTP access.[1] |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0024 | Putter Panda |
References
×